Skip to main content

C5C Firmware

7 CVEs product

Monthly

CVE-2022-21800 MEDIUM This Month

MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 uses the MD5 algorithm to hash the passwords before. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Mimosa Management Platform C6X Firmware C5X Firmware C5C Firmware +1
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-21215 CRITICAL Act Now

This vulnerability could allow an attacker to force the server to create and execute a web request granting access to backend APIs that are only accessible to the Mimosa MMP server, or request pages. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Mimosa Management Platform C6X Firmware C5X Firmware C5C Firmware +1
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2022-21196 CRITICAL Act Now

MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not perform proper authorization and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass RCE Mimosa Management Platform C6X Firmware C5X Firmware +2
NVD
CVSS 3.1
9.8
EPSS
3.7%
CVE-2022-21176 HIGH This Week

MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not properly sanitize user input, which may allow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Mimosa Management Platform C6X Firmware C5X Firmware C5C Firmware +1
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-21143 CRITICAL Act Now

MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not properly sanitize user input on several. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Mimosa Management Platform C6X Firmware C5X Firmware C5C Firmware +1
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-21141 CRITICAL Act Now

MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not perform proper authorization checks on. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass RCE Mimosa Management Platform C6X Firmware C5X Firmware +2
NVD
CVSS 3.1
9.8
EPSS
3.2%
CVE-2022-0138 HIGH This Week

MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 has a deserialization function that does not validate. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Mimosa Management Platform C6X Firmware C5X Firmware C5C Firmware +1
NVD
CVSS 3.1
7.5
EPSS
1.0%
EPSS 1% CVSS 6.5
MEDIUM This Month

MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 uses the MD5 algorithm to hash the passwords before. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Mimosa Management Platform C6X Firmware +3
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

This vulnerability could allow an attacker to force the server to create and execute a web request granting access to backend APIs that are only accessible to the Mimosa MMP server, or request pages. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Mimosa Management Platform C6X Firmware +3
NVD
EPSS 4% CVSS 9.8
CRITICAL Act Now

MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not perform proper authorization and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass RCE Mimosa Management Platform +4
NVD
EPSS 1% CVSS 7.5
HIGH This Week

MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not properly sanitize user input, which may allow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Mimosa Management Platform C6X Firmware +3
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not properly sanitize user input on several. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Mimosa Management Platform C6X Firmware +3
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not perform proper authorization checks on. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass RCE Mimosa Management Platform +4
NVD
EPSS 1% CVSS 7.5
HIGH This Week

MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 has a deserialization function that does not validate. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Mimosa Management Platform C6X Firmware +3
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy